
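Cloud data assured deletion scheme based on key distribution and ciphertext sampling
Cite this article: WANG Minshen, XIONG Jinbo, LIN Qian, WANG Lili. Cloud data assured deletion scheme based on key distribution and ciphertext sampling[J]. Journal of Computer Applications, 2018, 38(1): 194-200. DOI: 10.11772/j.issn.1001-9081.2017071751
Authors: WANG Minshen  XIONG Jinbo  LIN Qian  WANG Lili
Affiliation: College of Mathematics and Informatics, Fujian Normal University, Fuzhou 350117
Funding: National Natural Science Foundation of China (61402109, 61370078); Natural Science Foundation of Fujian Province (2015J05120); Distinguished Young Scientific Research Talents Plan in Universities of Fujian Province.
Abstract: Cloud data that is not deleted promptly after it expires can easily lead to unauthorized access and privacy leakage. To address this, a cloud data assured deletion scheme based on key distribution and ciphertext sampling is proposed, combining an encryption algorithm with a Distributed Hash Table (DHT) network. First, the plaintext is encrypted, the ciphertext is randomly sampled, and the incomplete ciphertext left after sampling is uploaded to the cloud. Next, the trust value of each node in the DHT network is evaluated, the key is processed with a secret sharing algorithm, and the subkeys are distributed to nodes with high trust values. Finally, the key is deleted automatically through the periodic self-updating function of the DHT network, and the ciphertext is completely deleted by calling the Hadoop Distributed File System (HDFS) interface to upload random data that overwrites it. Assured deletion of cloud data is achieved by deleting both the key and the ciphertext in the cloud. Security analysis and performance analysis show that the proposed scheme is secure and efficient.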

Keywords: cloud storage  trust value evaluation  key distribution  ciphertext deletion  Distributed Hash Table (DHT) network
Received: 2017-07-19
Revised: 2017-09-15

Cloud data assured deletion scheme based on key distribution and ciphertext sampling
WANG Minshen,XIONG Jinbo,LIN Qian,WANG Lili. Cloud data assured deletion scheme based on key distribution and ciphertext sampling[J]. Journal of Computer Applications, 2018, 38(1): 194-200. DOI: 10.11772/j.issn.1001-9081.2017071751
Authors:WANG Minshen  XIONG Jinbo  LIN Qian  WANG Lili
Affiliation:College of Mathematics and Informatics, Fujian Normal University, Fuzhou Fujian 350117, China
Abstract: If cloud data is not deleted in time after expiration, it may lead to unauthorized access and privacy leakage. To address this issue, a cloud data assured deletion scheme based on key distribution and ciphertext sampling was proposed. It was composed of the encryption algorithm and a Distributed Hash Table (DHT) network. Firstly, the plaintext was encrypted into the ciphertext. The ciphertext was sampled by a random sampling algorithm. The incomplete ciphertext was uploaded to the cloud. Secondly, the trust value of each node in the DHT network was evaluated by an evaluation method. The encryption key was processed into subkeys by the Shamir secret sharing algorithm, and the subkeys were distributed to the nodes with a high trust degree. Finally, the encryption key was automatically deleted by the periodic self-updating function of the DHT network. The ciphertext in the cloud was overwritten by uploading random data through the Hadoop Distributed File System (HDFS) interface. Assured deletion of cloud data was done by deleting the encryption key and the ciphertext. The security analysis and performance analysis demonstrate that the proposed scheme is secure and efficient.
Keywords:cloud storage   trust value evaluation   key distribution   ciphertext deletion   Distributed Hash Table (DHT) network
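
An added sketch (not the paper's code) of the client-side steps the abstract describes: encrypt, withhold a random sample of ciphertext bytes, split the key with Shamir secret sharing, and place the subkeys on the highest-trust nodes. The stand-in cipher, the function names, the field prime and the trust values passed in are assumptions; DHT self-updating and the HDFS overwrite are not modelled.

```python
import hashlib
import secrets

P = 2**521 - 1  # prime field for Shamir shares; larger than any 256-bit key

def xor_cipher(key, data):
    # Stand-in stream cipher (SHA-256 in counter mode), assumed for this sketch only
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def sample_ciphertext(ct, count):
    # Withhold `count` random byte positions; only the remainder goes to the cloud
    held = {p: ct[p] for p in secrets.SystemRandom().sample(range(len(ct)), count)}
    incomplete = bytes(b for i, b in enumerate(ct) if i not in held)
    return incomplete, held

def restore_ciphertext(incomplete, held):
    # Re-insert the withheld bytes at their original positions
    rest = iter(incomplete)
    total = len(incomplete) + len(held)
    return bytes(held[i] if i in held else next(rest) for i in range(total))

def split_key(key, n, t):
    # Shamir (t, n): random polynomial of degree t-1 whose constant term is the key
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def recover_key(shares, length):
    # Lagrange interpolation at x = 0 over GF(P); needs at least t shares
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(length, "big")

def place_shares(shares, trust):
    # Give one share to each of the highest-trust nodes (trust: node id -> value)
    best = sorted(trust, key=trust.get, reverse=True)[:len(shares)]
    return dict(zip(best, shares))
```

Once fewer than `t` shares survive on the DHT, `recover_key` can no longer produce the key, and the cloud copy is missing the withheld bytes in any case.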